Smartwatches are generally considered safe to keep track of your kids when they are outside the home. However, there is a scary new revelation about this seemingly reliable gadget that it is possible to hack GPS-enabled smartwatches.
Probably a majority of children wear smartwatches these days, and the fact that one of the most popular brand’s smartwatch can be easily hacked is certainly worrisome.
Security researchers have identified that MiSafe’s smartwatch is equipped with lackluster security measures and this is why the device becomes prone to exploitation.
MiSafes Kid’s Watcher Plus, which is a GPS-enabled smartwatch, is currently in use by thousands of parents in the United Kingdom. It lets the parents track the location of their kids, leave a voice message, and initiate remote conversations.
The devices’ vulnerability to hacking was discovered by security researcher Ken Munro. Munro identified that the devices didn’t encrypt the collected data and also didn’t secure the child’s account. Resultantly, the smartwatch becomes vulnerable to hacking as anyone can track the movements of the child or listen to their conversations and activities.
It is also possible for the hacker to make fake calls to the child impersonating as the parent. All of this can be done simply by getting the smartwatch download software that lets the hacker track the child’s movements.
Munro, a cyber-security expert at Pen Test Partners, claims that the matter is so serious that the smartwatch’s sale must be halted immediately. During the testing phase, Munro reveals, his team identified that nearly 14,000 smartwatches from MiSafes are currently active.
“We were shocked by how easy [the smartwatch] was to hack,” said Munro.
He further added that it was also possible for him to access the profile details of the child including name, photograph, and date of birth, gender, height, and weight.
MiSafes smartwatches were launched in 2015 and can be bought for only £9; this is why the smartwatch has become the preferred choice of parents in the UK. Parents can listen to the conversations of their children while they are away and also make a call, which is the most concerning feature in case the gadget gets hacked.
Pen Test Partners also tested the device’s vulnerability by trying to swap the caller number with their own and managed to call the child under the contact name Mum or Dad.
The researchers at Pen Test Partners tried to contact MiSafes to notify them about the issue but the company didn’t respond.
According to Jan van Vliet, VP and GM EMEA at Digital Guardian, as smart devices permeate all aspects of our lives, the burden of properly securing them must fall squarely on product manufacturers, software developers, and network providers. After all, it makes sense that those developing and profiting from smart tech should be held responsible for ensuring that their products and services pose no risk to end-user security or privacy; especially when children are involved.
“What we really need to see is far more stringent rules to force manufacturers to build security into their devices. Part of the responsibility also lies with the network providers. These companies control the updates, configuration settings and network access for such devices and it is therefore important that they are taking measures to monitor this,” Vliet added.
This is not the first time when MiSafes’s product is making headlines for all the wrong reasons. In February this year, security researchers identified a critical security flaw in over 52,000 video baby monitors manufactured by MiSafes. What’s worse is that but despite informing MiSafes on several occasions since December 2017, there was no response from the company.